In its ongoing effort to help auditors, our national professional society, the AICPA, annually provides us with an Audit Risk Alert, which is a summary of key legislation and other matters that are currently impacting the nonprofit world. This is so we can understand your environment and adjust our procedures accordingly.

This year one of the areas that was cited was measuring effectiveness. The alert said that donors, regulators and rating agencies, as well as your annual federal reporting form (990, 990EZ) are requiring more performance reporting and nonprofits are looking for new ways to present results. They said that charities are using fact sheets, third-party studies and visual illustrations of how programs are designed, monitored and evaluated.

In this day and age, you need to do performance reporting. How can you do it well and efficiently so you don’t have to take too much time away from performance?

The United Way of America and our local United Way have been focused on outcome measures for many years. One useful resource can be found on Strengthening Nonprofits’ Resource Library. Although guidance on measuring outcomes was developed years ago, it remains as a valuable resource to nonprofits.

Their training uses some United Way descriptions including:

“outcome measurement” – the regular systematic tracking of the extent to which program participants experienced benefits or changes that were intended, and

“outcome” – not “how many worms the bird feeds its young, but how well the fledgling flies”.

long-term outcomes (change in social, economic and political conditions and the environment)

There are personal and financial costs of focusing on outcome measurement, but the National Council of Nonprofits states that “in an environment of increasingly limited resources, those nonprofits that can demonstrate that they are truly making an impact will be the ones most likely to attract resources and talent, and therefore be the most sustainable”.

Uniform Guidance (guidelines for organizations receiving federal awards) states that you must establish and maintain internal controls over federal awards that provide reasonable assurance that you are managing them in compliance with general federal requirements and the specific rules for the funding you receive. Internal controls should be in compliance with the Green Book and/or with COSO.

COSO, which stands for The Committee of Sponsoring Organizations (composed of accounting leadership organizations), or

The Green Book – Standards for Internal Control in the Federal Government

Both of these have been recently updated to take into account how changes in technology have affected all businesses.

You don’t need to master both of these; in fact, they are very similar. They both identify same elements that are necessary for proper internal controls. They are:

The Control Environment – your board and senior management competence and commitment to proper controls,

Risk Assessment – a careful look at your organization’s operations and consideration of what could “go wrong” (what might prevent you from accomplishing your objectives, expose you to risk with funders or regulators, or cause financial loss or be an embarrassment),

Control Activities – policies and procedures that are put in place such as segregation of responsibilities, reviews, and reconciliations,

Information and Communication – clear communication from management to staff about the policies, procedures, and controls that are in place, and

Monitoring Activities – periodic follow-up to reassess potential risks, to make sure that controls are still appropriate based on current operations and that they are still being followed. In big organizations, this can be done with an internal audit function. In smaller organizations it will more likely be done by an audit or finance committee.

Possible Monitoring Activities

Your written policies set standards for performance. Monitoring should include a review of your policies to be sure they are current and appropriate. It should also determine whether staff are familiar with your policies. Is training of new and current staff appropriate? Be sure to review personnel, conflict-of-interest and whistleblower protection policies.

Determine what security measures are in place over confidential information such as employee, donor and credit card information.

Your risk assessment and monitoring should also consider the safety of your staff, clients and others who have a relationship with your organization.

Check whether images of checks are provided with your checking account bank statement and verify whether an independent person reviews checks, electronic payments and transfers to be sure they are proper.

Check how up-to-date bank reconciliations are.

Look at documentation for vouchers/drawdowns to be sure that it is properly detailed and supports the voucher.

Look at some invoices for purchases to determine whether they are properly marked to document approval, nonpayment of sales tax, and to note payment.

Check whether unused checks and undeposited checks and cash received are kept in a locked/secure area.

Review charge card statements to see if there is an independent review and the documentation for all purchases.

Review expense reimbursements, especially for senior personnel to verify that there is proper documentation and an independent review.

The great majority of frauds are uncovered by employees. Interview to be sure that employees know that they are encouraged to communicate any wrongdoing, and that they are familiar with the process for doing so.

Look at how time worked is documented and whether there was an independent review of time worked.

So, as you establish controls over your federal awards, keep these principles in mind and remember that controls are a system, and an ongoing process, not an event.

In our next issue we will provide a list of potential controls and the risks they are designed to minimize.